SA-2025-104 - Ruby resolv gem DNS DoS (CVE-2025-24... - Extreme Networks - 120552

Summary

In Ruby resolv gem, there is insufficient checking of the length of a decompressed domain name extracted from a compressed form in a DNS packet. An attacker can supply a highly compressed domain name that expands to a very long name, consuming excessive CPU during decompression. This may result in a DoS via malformed DNS packet.

Products Potentially Affected

OS/Product	Exposure
ExtremeControl for Site Engine	Yes

Repair Recommendations

ExtremeControl for Site Engine:

Fixed in 25.08.12 or later

Please see the full Security Advisory here for more details and future updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Popular Articles

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)

GTM-P2G8KFN